Data sharing pact between the EU and the US has been invalidated by the European Court of Justice. The ruling was based on the inadequate protection of European citizens’ data under the Privacy Sheild data-sharing. This is a major blow to companies that rely on data transfer between the EU-US.<\/p>\n\n\n\n
In the past few years, the European Commission has worked towards protecting the privacy and data of European Citizens. They introduced the General Data Protection Regulation GDPR mid-2018, which promised heavy fines against all who violate the privacy and security standards laid out by the regulation. On the other hand, the EU-US Privacy Shield was put into effect 2 years earlier in 2016 and was introduced as an improvement to the previous Safe Harbor Decisions. Today, The European Commission has invalidated the pact. It ruled that there was no guarantee that people’s data were protected to the same standard in the US as in the EU.<\/p>\n\n\n\n
When the terms data transfer and sharing are used, it does not mean sending an email, or booking a hotel room in the US while you’re still in the EU. Here we are talking about mostly big Data, processing, and storing. There are many companies that transfer their data to the US for processing (mostly to reduce costs or ease of management). Most of these will now have to rely on regional solution providers, i.e. process European data within the EU.<\/p>\n\n\n\n
However, there is always something between the lines. Large companies like Facebook, process data in the US using Standard Contractual Clauses (SCCs). This mechanism has not been invalidated, as long as it upholds the same standard outline in the GDPR. Hence companies that previously relied on the Privacy Shelied can still operate as long as they switch to the SCCs.<\/p>\n\n\n\n
The Court of Justice declared the Privacy Shield decision invalid, but also confirmed that the standard contractual clauses remain a valid tool for the transfer of personal data to processors established in third countries<\/p>Vice-President Jourov\u00e1<\/a><\/cite><\/blockquote>\n\n\n\n
What this means for EU citizens<\/h2>\n\n\n\n
Under Article 49<\/a> of GDPR, Data can still be transferred to the US from the EU, as long as it fulfils the minimum requirements. You as a user can also give your consent to transfer your data, and can also withdraw this consent at any time.<\/p>\n\n\n\n
Some might even call this a win for privacy rights, and data protection. As an EU citizen, you have the right that your data is processed fairly with your consent and for defined purposes. When an American company chooses to process your Data in the US, you risk that the US National Security Agency (NSA) will gain access to that data. Now the EU Commission has taken an extra step in ensuring your data rights.<\/p>\n\n\n\n
- Read more about how your online privacy while browsing the internet here<\/a>.<\/strong><\/li><\/ul>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
The data battle, if we can call it that, is far from over. Reforms will soon follow, and new issues will be set in focus; who controls the data, who owns them, and how to ensure they don’t fall in the hands of a third party. <\/p>\n\n\n\n
Miklagard operates under the guidelines and regulations of the EU, where Data protection and privacy is important. If you want to learn more about this topic or require assistance leave a comment below, or simply contact us here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"